Apple email client stores the S/MIME encrypted emails as a plain text with the database file even though Siri is disabled on the MAC.
Security researcher Bob Gendler discovered the issue while checking how macOS and Siri suggest contacts to the user. He spotted that snippets.db database file in the suggestion folder where the emails are stored.
Encrypted Email Stored as Unencrypted
Bob observed that snippets.db database storing the full email content as the plain text, even though the email encrypted with S/SMIME certificate it stores content in plain text, it would be a big deal for users who use the S/MIME certificate’s to protect their contents.
“This is not the expected behavior and can be considered an inadvertent information exposure,” Bob said.
The information stored in these databases is used by macOS and Siri to provide information suggestions.
The S/MIME expanded as Secure/Multipurpose Internet Mail Extensions allows users to encrypt and digitally sign emails. It is based on asymmetric cryptography and it contains a public and private key.
With S/MIME certificate emails are encrypted with sender private key and recipient public key, vice Versa in the recipient end.
But “unfortunately, snippets.db stores these encrypted messages completely UNENCRYPTED, not requiring the private key to read the message. This completely defeats the purpose of utilizing and sending an encrypted email.”
Bob also found another database entities.db that stores the people’s names, email, and phone numbers, it acts as an address book. Even though Siri is disabled accessing Apple mail it continues to store the data.
The issue has been submitted to Apple on July 29, but still, the issue was not addressed, Apple suggested that “disabling learning from Apple Mail” will fix the issue, but Bob confirms that “Disabling Siri doesn’t stop macOS from collecting data for Siri.”
Bob published a blog detailing the issue and suggested 3 ways to disable the learning process from Apple Mail.